From 72db4a95304ccd18529fe5bc471a45947d91efdc Mon Sep 17 00:00:00 2001
From: Sean Bright <sean@seanbright.com>
Date: Thu, 9 Nov 2023 17:59:19 -0500
Subject: [PATCH] res_http_websocket.c: Set hostname on client for certificate
 validation.

Additionally add a `assert()` to in the TLS client setup code to
ensure that hostname is set when it is supposed to be.

Fixes #433

(cherry picked from commit 178b2df38a220db598379139fcae4b40f8d9d4c0)
---
 main/tcptls.c            | 4 ++++
 res/res_http_websocket.c | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/main/tcptls.c b/main/tcptls.c
index b6a77f72b4..63dc9a1b31 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -617,6 +617,10 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s
 	int fd, x = 1;
 	struct ast_tcptls_session_instance *tcptls_session = NULL;
 
+	ast_assert(!desc->tls_cfg
+			|| ast_test_flag(&desc->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER)
+			|| !ast_strlen_zero(desc->hostname));
+
 	/* Do nothing if nothing has changed */
 	if (!ast_sockaddr_cmp(&desc->old_address, &desc->remote_address)) {
 		ast_debug(1, "Nothing changed in %s\n", desc->name);
diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
index 36dfa367fb..fb18a43566 100644
--- a/res/res_http_websocket.c
+++ b/res/res_http_websocket.c
@@ -1162,6 +1162,12 @@ static struct ast_tcptls_session_args *websocket_client_args_create(
 	}
 	ast_sockaddr_copy(&args->remote_address, addr);
 	ast_free(addr);
+
+	/* We need to save off the hostname but it may contain a port spec */
+	snprintf(args->hostname, sizeof(args->hostname),
+		"%.*s",
+		(int) strcspn(host, ":"), host);
+
 	return args;
 }
 
-- 
GitLab